DNS and UDP: A Comparison

Introduction

DNS (Domain Name System) is an application layer service that plays a crucial role in translating domain names into IP addresses. While DNS can use both UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) for communication, UDP is often preferred due to its specific characteristics. In this markdown, we will explore the reasons why DNS utilizes UDP and compare it with TCP.

UDP vs. TCP

The fundamental difference between UDP and TCP lies in their connection-oriented nature. UDP is connectionless, meaning there is no need for establishing or tearing down a connection. This attribute makes UDP more efficient in terms of transmitted traffic. In contrast, TCP requires a three-way handshake for connection establishment, leading to additional packets being exchanged.

DNS Lookup via TCP

Let's explore how a full DNS lookup would take place using TCP.

1. The requesting host sends a SYN packet to the local name server on port 53, the designated port for DNS.

2. The name server responds with a SYN-ACK packet, requiring the requesting host to send an ACK to complete the three-way handshake. This already involves three packets.

3. With the connection established, the requesting host sends the actual DNS request, such as asking for the IP address of "food.com."

4. The name server responds with another ACK, indicating that it received the request. We are now at five packets sent.

5. If the caching name server does not have the requested information, it needs to communicate with a root name server to determine the responsible name server for the top-level domain (TLD) ".com." This involves a three-way handshake, request, response, and ACK. Adding these packets brings us to a total of 16.

6. The recursive name server repeats the entire process to discover the authoritative name server responsible for "food.com." This involves 11 more packets, bringing the total to 27.

7. Finally, the recursive name server repeats the process again while communicating with the authoritative name server to obtain the IP address of "food.com." This adds an additional 11 packets, resulting in a running total of 38.

8. Once the local name server has the IP address, it can respond to the initial request and send a response to the DNS resolver. This involves two more packets, reaching a total of 40.

9. To close the TCP connection, a four-way handshake is required, adding four more packets. Thus, the grand total reaches 44 packets.

DNS Lookup via UDP

In contrast, DNS lookup using UDP requires significantly fewer packets. Here's how it would unfold:

1. The requesting computer sends a single UDP packet to its local name server on port 53, requesting the IP address of "food.com."

2. The local name server, acting as a recursive server, sends a UDP packet to the root server, which responds with the proper TLD name server. This involves three packets.

3. The recursive name server sends a packet to the TLD server and receives a response containing the correct authority server. This brings us to five packets.

4. Next, the recursive name server sends its final request to the authority name server, which responds with the IP address of "food.com." This adds two more packets, totaling seven.

5. Finally, the local name server responds to the DNS resolver with the IP address of "food.com." The overall packet count remains at eight.

Overhead and Simplicity

The comparison between TCP and UDP in DNS lookup highlights the overhead associated with TCP. While 44 packets may not seem significant in modern networks, the number quickly adds up when considering the volume of DNS traffic. DNS lookup is primarily performed to obtain the IP address needed for further data transmission, rather than out of curiosity.

Error Recovery and DNS

UDP lacks built-in error recovery mechanisms. However, DNS relies on a simple approach to handle failed requests. If a DNS resolver does not receive a response, it simply repeats the lookup, similar to TCP's retransmission functionality. This showcases the simplicity of DNS and UDP at the application layer.

DNS over TCP

It's worth mentioning that DNS over TCP exists and is utilized in various scenarios where DNS lookup responses exceed the capacity of a single UDP datagram. In such cases, a DNS name server would respond with a packet indicating that the response is too large. The DNS client would then establish a TCP connection to perform the lookup.

In conclusion, DNS predominantly uses UDP due to its connectionless nature, efficiency in transmitting smaller requests, and the simplicity it offers. TCP, with its connection-oriented approach, is not necessary for the relatively straightforward task of DNS lookup. However, DNS over TCP is available for cases where larger responses are required.

✨ 💻 🌐